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CLAIMS 

1. A method for authenticating a user of a data transfer device, 
comprising: 

setting up (202) a data transfer connection from the data transfer 
5 device to a service access point; 

characterized by 

inputting (204) identification data of a subscriber of a mobile 

communications system to the service access point- 
checking (206) from the mobile communications system whether the 
10 mobile subscriber identification data contains an access right to the service 

access point; and, 

if a valid access right exists, generating (212) a password, 

transmitting (214) the password to a subscriber terminal corresponding to the 

mobile subscriber identification data, and logging in (216) to the service access 
15 point from the data transfer device using the password transmitted to the 

subscriber terminal. 

2. A method according to claim 1, characterized in that the 
mobile subscriber identification data consist of a mobile subscriber 
international ISDN number (MSISDN). 

20 3. A method according to claim 1, characterized in that in 

connection with the check, a query is sent to the home location register of the 
mobile communications system. 

4. A method according to claim 3, characterized in that the 
mobile subscriber identification data consist of the mobile subscriber 

25 international ISDN number, and with the query first the home location register 
of the mobile communications system is searched for the international mobile 
subscriber identity (IMS!) corresponding to the mobile subscriber international 
ISDN number and then with the international mobile subscriber identity the 
home location register of the mobile communications system is searched for 

30 the related subscriber data, where the access right is defined. 

5. A method according to claim 1, characterized in that the 
password is transmitted to the subscriber terminal in a packet-switched 
message. 

6. A method according to claim ^characterized in that the 
35 password is transmitted to the subscriber terminal in a short message. 
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7. A method according to claim 1, characterized in that the 
data transfer connection between the data transfer device and the service 
access point is a radio link. 

8. A method according to claim 7, characterized in that the 
5 radio link is implemented using a wireless local area network. 

9. A method according' to claim 7, characterized in that the 
radio link is implemented using a short-range radio transceiver. 

1 0. A method according to claim ^characterized in that the 
data transfer connection between the data transfer device and the service 

1 0 access point is wired. 

1 1 . A method according to claim 1, characterized in that the 
method further comprises: billing for the data transfer connection between the 
data transfer device and the service access point in a bill directed to the 
identification data of the mobile subscriber. 

15 12. A method according to claim 1, characterized in that 

the data transfer connection initially set up between the data transfer device 
and the service access point is maintained until login. 

1 3. A method according to claim 1, characterized in that the 
method further comprises: transmitting a second password from the service 

20 access point to the data transfer device over a data transfer connection, the 
second password being also used in connection with login. 

14. A method according to claim 1, characterized in that the 
method further comprises: transmitting a confirmation identifier from the 
service access point to the data transfer device over a data transfer connection 

25 and transmitting the same confirmation identifier to the subscriber terminal 
together with the password, the password being only used if the received 
confirmation identifiers are the same. 

1 5. A method according to claim 1, characterized in that the 
data transfer connection between the data transfer device and the service 

30 access point is set up when the subscriber terminal is roaming. 

16. A method according to claim 15, characterized in that 
the method further comprises: 

informing the subscriber terminal that if the roaming by the 
subscriber terminal in the visited mobile communications system fulfils a 
35 predetermined criterion, the data transfer connection from the data transfer 
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device to the service access point is provided at a lower charge than usual; 
and 

implementing the data transfer connection from the data transfer 
device to the service access point at a lower charge than usual if the 
5 predetermined criterion is met. 

17. A method according to claim 16, characterized in that 
the method further comprises: receiving at the visited mobile communications 
system information from the subscriber terminal indicating that a lower charge 
data transfer connection to the service access point is preferred. 

10 18. A method according to claim 17, characterized by 

receiving at the authentication server information from the visited mobile 
communications system indicating that the data transfer device of the user of 
the subscriber terminal will be provided with a lower charge data transfer 
connection to the service access point. 

15 1 9. A method according to claim 16, characterized in that 

the predetermined criterion is met if the subscriber terminal contacts the visited 
mobile communications system and/or if the subscriber terminal continues 
roaming in the visited mobile communications system for a predetermined 
time. 

20 20. A method according to claim 16, characterized in that to 

check whether the predetermined criterion is met, a periodic query is made to 
the home location register of the mobile subscriber's home mobile 
communications system. 

21 . A method according to claim 1, characterized in that the 
25 method further comprises: using the mobile subscriber identification data as a 

user ID in connection with login. 

22. A method according to claim 1, characterized in that the 
method further comprises: transmitting a user ID to the subscriber terminal 
corresponding to the mobile subscriber identification data and using the 

30 transmitted user ID in connection with login. 

23. A method according to claim 1, characterized in that the 
method further comprises: transmitting a user ID to the data transfer device 
over a data transfer connection and using the transmitted user ID in connection 
with login. 

35 24. A system for authenticating a user of a data transfer device, 

comprising: a data transfer device (100), a service access point (110) that can 
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be linked to the data transfer device (1 00) over a first data transfer connection 
(102), and an authentication server (114) linked to the service access point 
(110) over a second data transfer connection; 
characterized in that 
5 the service access point (110) is configured to receive over the first 

data transmission connection (106) identification data of a subscriber of a 
mobile communications system inputted from the data transfer device (100) 
and to transmit the mobile subscriber identification data to the authentication 
server (114) over the second data transfer connection; 

10 the authentication server (114) is configured to check from the 

mobile communications system (134) over a third data transfer connection 
whether the mobile subscriber identification data contains an access right to 
the service access point (110) and, if a valid access right exists, to generate a 
password and transmit the password to a subscriber terminal (102) 

15 corresponding to the identification data of the subscriber of the mobile 
communications system (134); and 

the data transfer device (100) is configured to use the password 
transmitted to the subscriber terminal (102) in connection with login to the 
service access point (1 1 0). 

20 25. A system according to claim 24, characterized in that 

the identification data of the subscriber of the mobile communications system 
(134) consist of the mobile subscriber international ISDN. 

26. A system according to claim 24, characterized in that 
the authentication server (114) is an AAA server (Authentication, Authorization 

25 and Accounting). 

27. A system according to claim 24, characterized in that for 
checking the access right to the service access point (110), the authentication 
server (114) is configured to transmit a query to the home location register 
(130) of the mobile communications system (134). 

30 28. A system according to claim 27, characterized in that 

the identification data of the subscriber of the mobile communications system 
(134) consist of the mobile subscriber international ISDN number, and the 
authentication server (1 14) is configured to submit the query to first search the 
home location register (130) of the mobile -communications system (134) for 

35 the international mobile subscriber identity corresponding to the mobile 
subscriber international ISDN number and then use the international mobile 
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subscriber identity to search the home location register (130) of the mobile 
communications system (134) for the related subscriber data, where the 
access right is defined. 

29. A system according to claim 24, characterized in that 
the authentication server (114) is configured to transmit the password to the 
subscriber terminal (102) in a packet-switched message. 

30. A system according to claim 24, characterized in that 
the authentication server (114) is configured to transmit the password to the 
subscriber terminal (102) in a short message. 

31. A system according to claim 24, characterized in that 
the first data transfer connection (106) is a radio link. 

32. A system according to claim 31, characterized in that 
the service access point (110) is configured to implement the radio link using a 
wireless local area network. 

33. A system according to claim 31, characterized in that 
the service access point (110) comprises a short-range radio transceiver for 
implementing the radio link. 

34. A system according to claim 24, characterized in that 
the first data transfer connection (106) is wired. 

35. A system according to claim 24, characterized in that 
the system further comprises an accounting server (116), which is configured 
to generate the billing data relating to the first data transfer connection (106) 
and to transfer the data to the mobile communications system (134), in which 
the billing data are formed into a bill associated with the identification data of 
the subscriber of the mobile communications system (134). 

36. A system according to claim 24, characterized in that 
the service access point (110) is configured to maintain the first data transfer 
connection (106) initially set up between the data transfer device (100) and the 
service access point (110) until login. 

37. A system according to claim 24, characterized in that 
the authentication server (114) is configured to transmit a second password 
from the service access point (110) to the data transfer device (100) over the 
first data transfer connection (106) and the data transfer device (100) is 
configured to also use the second password in connection with login. 

38. A system according to claim 24, characterized in that 
the authentication server (114) is configured to transmit a confirmation 
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identifier via the service access point (110) to the data transfer device (100) 
over the first data transfer connection (106) and to transmit the same 
confirmation identifier to the subscriber terminal (102) together with the 
password. 

39. A system according to claim 24, characterized in that 
the first data transfer connection (106) is set up when the subscriber terminal 
(102) is roaming. 

40. A system according to claim 39, characterized in that 
the visited mobile communications system (126) is configured to inform the 
subscriber terminal (102) that if the roaming by the subscriber terminal (102) in 
the visited mobile communications system (126) fulfils a predetermined 
criterion, the data transfer connection (106) from the data transfer device (100) 
to the service access point (110) is provided at a lower charge than usual, and 
the authentication server (114) is configured to implement the data transfer 
connection (106) from the data transfer device (100) to the service access 
point (110) at a lower charge than usual if the predetermined criterion is met. 

41 . A system according to claim 40, characterized in that 
the visited mobile communications system (126) is configured to receive from 
the subscriber terminal (102) information indicating that a data transfer 
connection (106) to the service access point (110) provided at a lower charge 

than usual is preferred. 

42. A system according to claim 41, characterized in that 
the authentication server (114) is configured to receive from the vis'rted mobile 
communications system (126) information indicating that the data transfer 
device (100) of the user of the subscriber terminal (102) will be provided with a 
data transfer connection (106) to the service access point (110) implemented 
at a lower charge than usual. 

43. A system according to claim 40, characterized in that 
the predetermined criterion is met if the subscriber terminal (102) contacts the 
visited mobile communications system (126) and/or if the subscriber terminal 
(102) continues roaming in the visited mobile communications system (126) 
continues for a predetermined time. 

44. A system according to claim 40, characterized in that to 
check whether the predetermined criterion is met, a periodic query is made to 
the home location register (130) of the home mobile communications system 
(134) of the subscriber terminal (102). 
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45. A system according to claim 24, characterized in that 
the data transfer device (100) is configured to use the mobile subscriber 
identification data as the password to log in to the service access point (110). 

46. A system according to claim 24, characterized in that 
5 the authentication server (114) is configured to transmit a user ID to the 

subscriber terminal (102) corresponding to the identification data of the 
subscriber of the mobile communications system (134) and the data transfer 
device (100) is configured to use the user ID transmitted to the subscriber 
terminal (102) in connection with login to the service access point (110). 

! 0 47. A system according to claim 24, characterized in that 

the authentication server (1 14) is configured to transmit the user ID via the 
service access point (110) to the data transfer device (100) over the first data 
transfer connection (106) and the data transfer device (100) is configured to 
use the user ID transmitted to the data transfer device (100) in connection with 

1 5 login to the service access point (110). 



